Privacy & Information Security Law Blog

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018. Covered entities must file the certification, which covers the 2017 calendar year, at the NYDFS online portal.

Maria T. Vullo, the Superintendent of the NYDFS, noted the critical importance of the certification of compliance and stated that “DFS’s regulation requires each entity to have an annual review and assessment of the program’s achievements, deficiencies and overall compliance with regulatory standards and the DFS cybersecurity portal will allow the safe and secure reporting of these certifications. DFS’s goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities. As DFS continues to implement its landmark cybersecurity regulation, we will take proactive steps to protect our financial services industry from cyber criminals.”

Superintendent Vullo also announced that the NYDFS will incorporate cybersecurity in all of its regulatory examinations. This includes adding questions related to cybersecurity to “first day letters,” which are notices that the NYDFS issues to commence its examinations of financial services companies, including examinations of banks and insurance companies for safety and soundness and market conduct.

Read more about other key deadlines for the NYDFS cybersecurity regulation.